PT-2014-3301 · Daum · Daumgame Activex
Daniel Chechik
·
Published
2014-01-30
·
Updated
2017-08-29
·
CVE-2013-7246
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
DaumGame ActiveX plugin versions 1.1.0.4 through 1.1.0.5
Description
The issue is related to a buffer overflow in the
IconCreate method of an ActiveX control. This allows remote attackers to execute arbitrary code via a long string. The issue has been exploited in the wild.Recommendations
For DaumGame ActiveX plugin versions 1.1.0.4 and 1.1.0.5, consider disabling the
IconCreate method as a temporary workaround until a patch is available.Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Daumgame Activex